If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Same hacker keeps finding my dynamic IP

My firewall keeps alerting me that the same IP address is trying to connect to my computer on a variety of different port numbers. I renewed my dynamic IP address several times and the person keeps finding me. What should I do? Somebody please help.

p508AD14F.dip.t-dialin.net is the account that ip is pointing to. get fport from foundstone.com and run it. look to see what's keep that local port open or if its opened at all. if something that you dont recognise is listening on that port you should run theCleaner which can be gotten from moosoft.com. it wouldn't hurt to do this anyway and keep your virus definitions up to date

Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

Are you completely sure you're running *NOTHING* that could be making any connections there? That includes spyware and adware?

Bear in mind that this high port number is not a well-known port, no attacker would reasonably attack that port number unless they had either planted a trojan there, or were scanning a lot of ports (which presumably would show up on your log)

Bear in mind that this person doesn't necesssarily know your IP; they may just be scanning the same range repeatedly and hitting whatever IP you're using that day.

Is it TCP or UDP? Is that port actually open? If so, what program is holding it open?

Do all of the above mentioned, and d/l a packet sniffer and log the packets and see exactly what it is that is transpiring. For someone to continually find your dynamic ip is extremely unlikely. Were that true then pretty guaranteed your have been trojaned. If not then as mentioned you are possibly seeing the ill effects of having run a p2p app.

if i trojaned someones box i would have to be pretty stupid to keep tring to reach it if after the first couple of times i failed because a fw was blocking the connection. your saying this happens repeatedly several times a min. no matter what ip your provider supplies you with. this is obviously some mindless automated device. is your fw configured to allow all outgoing packets or just selected ones?

try removing all the rules you've created in ZA and set it to ask you for permission for each connection attempt both incoming and outgoing. see if something on your machine is making repeated requests to that ip addy

Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”